package com.hbx.platform.base.interceptor;

import com.hbx.platform.auth.context.LoginContext;
import com.hbx.platform.auth.service.IPermissionService;
import com.hbx.platform.base.annotation.AutoPermission;
import com.hbx.platform.org.domain.Employee;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.List;

/**
 * 拦截请求，与前端的axios拦截器配合
 * @author: hbx
 * @date: 2024/04/08
 **/
@Component
public class LoginInterceptor implements HandlerInterceptor {

    @Autowired
    private IPermissionService permissionService;

    @Autowired
    private RedisTemplate<String,Object> redisTemplate;

    /**
     * 前置拦截器
     * @param request
     * @param response
     * @param handler
     * @return
     * @throws Exception
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        //获取请求头，得到token 这里一进来就判断的原因是放行了登录请求
        String token = request.getHeader("TOKEN");
        Employee employee = (Employee) redisTemplate.opsForValue().get(token);
        //两种情况：1.没有登录；2.身份过期，全局map里面取不到用户信息
        if(token == null || employee == null){
            //设置相应内容的格式和字符集 json
            response.setContentType("application/json;charset=utf-8");
            //{"success":false,"message":"noLogin"}
            response.getWriter().print("{\"success\":false,\"message\":\"noLogin\"}");
            return false;//拦截
        }

        //查询当前用户的权限
        List<String> permissions = permissionService.getPermissionsByEmpId(employee.getId());
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();
        AutoPermission autoPermission = method.getAnnotation(AutoPermission.class);
        if(autoPermission == null){//为空表示，该方法没有权限控制
            return true;
        }
        String sn = method.getDeclaringClass().getSimpleName() +":"+ method.getName();

        if(!permissions.contains(sn)){ //不包含 表示当前用户没有访问该方法的权限
            //设置相应内容的格式和字符集 json
            response.setContentType("application/json;charset=utf-8");
            //{"success":false,"message":"noLogin"}
            response.getWriter().print("{\"success\":false,\"message\":\"noPermission\"}");
            return false;//拦截
        }

        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {

    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {

    }
}
